reviewer1168407 - PeerSpot reviewer
Sr. Information Security Analyst at an insurance company with 51-200 employees
Real User
Robust monitoring that is scalable and includes the SOC service
Pros and Cons
  • "The best part of this solution is having a third-party SOC."
  • "The user interface is a bit difficult to get used to."

What is our primary use case?

The primary use case of this solution is for monitoring the network.

What is most valuable?

Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.

It's a robust solution.

What needs improvement?

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

For how long have I used the solution?

I have been working with QRadar for two years.

We are working with the latest version.

Buyer's Guide
IBM Security QRadar
September 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,787 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

It's scalable. Everything is done through our third-party vendor.

We have four other people in my group that have access to it, and we have six people who use it.

How was the initial setup?

The third-party vendor manages the system.

What about the implementation team?

We had a third-party vendor to complete the installation, so it wasn't bad.

Which other solutions did I evaluate?

We evaluated all of the Gartner top quadrants.

What other advice do I have?

I would recommend having a third-party vendor.

There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.

For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1385793 - PeerSpot reviewer
Queretaro at a tech services company with 1-10 employees
Reseller
A complete network analysis tool that is agile, versatile, and easy to operate
Pros and Cons
  • "The most valuable features are the versatility of this solution and the variety of things you can do with it."
  • "The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."

What is our primary use case?

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

How has it helped my organization?

It has helped our clients to see how things have changed when comparing the initial behavior, and what is currently happening with the user's internet. It maintains archives on the behavior.

What is most valuable?

The most valuable features are the versatility of this solution and the variety of things you can do with it. 

What needs improvement?

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

For how long have I used the solution?

We have been working with QRadar for less than one year.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

This is a scalable product that can scale to a large-sized organization.

My client for QRadar is medium-sized.

How was the initial setup?

You need someone with the proper skills to complete the setup. The complexity of it depends on the features that you are looking for, and it can become very complex. The deployment can take between 16 and 20 days, depending on what needs to be configured.

It's a process to deploy, but once you have it configured it's easy to operate.

What about the implementation team?

The deployment can be done in-house.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay, it's comparable to other vendors.

It's not expensive for the resources that it gives you.

What other advice do I have?

I think the tool is very complete and very agile.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Network & Cyber Security Engineer at a manufacturing company with 1,001-5,000 employees
Real User
A stable solution that comes with many search options
Pros and Cons
  • "It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
  • "We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."

What is most valuable?

It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.

What needs improvement?

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

For how long have I used the solution?

I have been using this solution for one and a half years. We have been using this solution in our company for about four years. We have around 800 to 900 users.

What do I think about the stability of the solution?

It is very stable, but the hard drive sometimes does not have logs.

How are customer service and technical support?

IBM is always there to support us. We have no trouble with them.

We have agreements with different companies for support. They are good. For some issues, they take more time, like a day or two days. 

What about the implementation team?

We have almost ten engineers for IT sites.

What other advice do I have?

I would rate IBM QRadar User Behavior Analytics an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Dmytro Petrashchuk - PeerSpot reviewer
CTO at IT Specialist LLC
Reseller
Top 20
Free of charge and fully integrated with QRadar SIEM
Pros and Cons
  • "The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
  • "The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed. It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users."

What is our primary use case?

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

What is most valuable?

The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.

What needs improvement?

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.

It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. 

It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

For how long have I used the solution?

I have been using this solution for about two years. We implement this solution as well as do demonstrations. We are also using it.

What do I think about the stability of the solution?

It's quite stable. 

What do I think about the scalability of the solution?

It could be quite scalable, but it is not so easy to use when you have a lot of users. Because of the user interface shortcomings, it's not so useful when you have thousands of users. 

How are customer service and technical support?

The second line of support is quite inexperienced in User Behavior Analytics, and they rarely are able to help. We had several serious issues with this product, which made it impossible to use for a customer. We had to spend a lot of time in finding the right person to help us in resolving the issues.

How was the initial setup?

The initial setup is really straightforward. IBM QRadar User Behavior Analytics is very easy to deploy. Usually, if someone has already installed QRadar SIEM, then deploying User Behavior Analytics takes two to three hours.

What's my experience with pricing, setup cost, and licensing?

It's free of charge.

What other advice do I have?

I like IBM QRadar User Behavior Analytics. I would rate it an eight out of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
Cybersecurity Architecture and Technology Lead at a tech company with 51-200 employees
Consultant
Top 20
Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.
Pros and Cons
  • "Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
  • "AI is superb but needs improvements."

What is our primary use case?

Find the malicious activity via filters; don't rely on the rules which trigger the offenses, and fix the suspicious activities.

How has it helped my organization?

Gaining application visibility and anomaly detection helps IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

What is most valuable?

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.

What needs improvement?

Artificial Intelligence is superb. QRadar correlates the events smartly and removes the same events, but needs improvements.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

How are customer service and technical support?

Very good.

Which solution did I use previously and why did I switch?

McAfee, switched due to the bad correlation of data.

How was the initial setup?

It was straightforward.

Which other solutions did I evaluate?

Splunk and LogRhythm.

What other advice do I have?

QRadar also supports UBA, which is a fantastic feature to detect users' malicious activities.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Jamal Uddin Shaikh - PeerSpot reviewer
Cybersecurity Architecture and Technology Lead at a tech company with 51-200 employees
Consultant
Top 20

You need more time and knowledge to completely understand QRadar SIEM.

it_user1379427 - PeerSpot reviewer
Application Security Architect at Bank Al Habib Limited
Real User
Stable and reliable but needs better integration with extensions
Pros and Cons
  • "I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
  • "There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."

What is our primary use case?

Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same IDs but from different locations; this is one use case. Or if MAC addresses keep changing; this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.

What is most valuable?

I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar.

What needs improvement?

In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere.

Additionally, there should be integration with IBM Guardian. 

Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.

For how long have I used the solution?

I have been using IBM QRadar User Behavior Analytics for a month or two.

What do I think about the stability of the solution?

In terms of stability, in my current company, QRadar is working fine. But in my previous organization that was using QRadar, we experienced some QRadar failures. There were two or three times the data was wiped out instead of transferring to EGA and we had to restart QRadar from scratch and all the data was lost. It happened a lot. Maybe it was due to lack of management since it was a new company.

How are customer service and technical support?

We do have experience with support. We get support from the IBM people in Karachi, Pakistan.

They're good.

How was the initial setup?

The initial setup was really easy, it was really straightforward. I got it done in one day.

What other advice do I have?

What advice would I give? I want the certification to be very honest. I typically like the hands-on with QRadar, they're quite different.

On a scale of one to ten, I would rate IBM QRadar User Behavior Analytics a seven.

I have used other solutions, like LogRhythm, for a few use cases like ransomware detection, etc., and there were fewer false positives there. With the ransomware especially, it was very thin there. We actually have very few use cases and there were lots of false positives with QRadar. If I compare the AI function and the logarithms I think it needs some improvement.

It is a complex product compared to LogRhythm.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees
Real User
Top 20
A solution with a powerful and easy-to-use GUI and good technical support
Pros and Cons
  • "It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
  • "While the interface is easy to use, it could be a little more responsive."

What is our primary use case?

The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.

What is most valuable?

My favorite thing is that it comes with good usability.

It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts.

What needs improvement?

The price of this solution is a little bit expensive, so if it were cheaper then it would help.

While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.

For how long have I used the solution?

I have been using IBM QRadar for about a year.

What do I think about the stability of the solution?

We have not experienced any issues with stability.

What do I think about the scalability of the solution?

Scalability has not been a problem, although our environment is not very big. Perhaps at a later stage and with a bigger environment, we might have issues.

How are customer service and technical support?

I have been in contact with technical support on one or two occasions. The experience was good and we are satisfied.

Which solution did I use previously and why did I switch?

I also have experience using Splunk.

How was the initial setup?

The initial setup is really straightforward. It's a bonus point of this solution.

What other advice do I have?

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
it_user1365630 - PeerSpot reviewer
Deputy General Manager - Network Security at a tech services company with 201-500 employees
Real User
Stable and solid security intelligence but lacks some functionalities
Pros and Cons
  • "QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
  • "From a functionality point of view there are issues sometimes."

What is our primary use case?

We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.

What is most valuable?

In terms of valuable features, QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because we have a lot of social information to correlate with other data.

What needs improvement?

From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionally you can experience a lot of issues.

For how long have I used the solution?

I have been working with IBM QRadar User Behavior Analytics for two years.

What do I think about the stability of the solution?

I have not seen any issues with the stability of the solution either.

What do I think about the scalability of the solution?

I have not seen any issues with the scalability of the solution.

How are customer service and technical support?

The technical support is fine now. I was not happy with the support when we started with this solution in 2017. If you look at that first year, 2017 to 2018, they had lots of support issues. We logged the cases and they would only call us back depending on their resources. There were no options to call them on a landline or a hotline number. They needed improvement there. They should have had a dedicated support response. Over the last year I have seen an improvement. I used to wait for a week to get a call back from them, but now, when you have critical tickets they will respond in two or three hours, depending on the criticality of your support case. They have improved.

How was the initial setup?

The initial setup was neither straightforward nor too complex. It did take some effort to implement, but it was manageable. We did not see any issues implementing it. We actually completed it in three to six months. When we initially implemented it we used some fresh use cases and observed the performance but these were all completed in three to six months. The initial deployment took hardly one week.

What's my experience with pricing, setup cost, and licensing?

Regarding the price, it is a bit high for normal customers. It is better for enterprise-class customers where they get a licensing model for MSSP for enterprises.

Which other solutions did I evaluate?

We are a service provider company, so our recommendations depend on the customer's preference. The best we can do is propose the solution based on support, pricing, and their requirements.

What other advice do I have?

Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product.

On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner